[SOLVED] How to find out how many current fail2ban bans I have?

ScottG · 09-17-2013, 08:54 AM

Hi

I would like to know how to tell how many current bans a fail2ban jail has? I know I could use > status <jail> but this returns all the banned IP addresses too - and I have thousands :-( Is there a way to show number of bans without listing IPs?

Previously I was using iptables to ban so I was able to use service iptables status | wc -l to see how many entries there were but after 24,000 bans (in less than 8 hours) the server started having memory issues. Therefore, on advise from this forum, I have changed over ipset and it is working fine (so far) but I cannot use the above command to view the number of bans.

Thanks very much for reading and for any help.

Scott

unSpawn · 09-17-2013, 02:05 PM

The number of `ipset -S YOUR_IPSET_SET_NAME|wc -l` minus two for the header and minus two footer.

ScottG · 09-17-2013, 03:33 PM

Thanks - just what I was looking for

unSpawn · 09-17-2013, 04:57 PM

NP. BTW this could be a way to list all sets and their use:

Code:

ipset --list | awk '/^Name:/ {print $2}'|while read SETNAME; do
 COUNT=$(ipset --list "${SETNAME}"|grep -v ':' -c); echo "${SETNAME}: ${COUNT}"
done